{"id":1503,"date":"2021-05-12T08:40:02","date_gmt":"2021-05-12T08:40:02","guid":{"rendered":"https:\/\/cheapsslsecurity.com\/p\/?p=1503"},"modified":"2025-06-11T20:28:32","modified_gmt":"2025-06-11T20:28:32","slug":"how-to-redirect-http-to-https-in-htaccess-wordpress","status":"publish","type":"post","link":"https:\/\/cheapsslsecurity.com\/p\/how-to-redirect-http-to-https-in-htaccess-wordpress\/","title":{"rendered":"How to Redirect HTTP to HTTPS in .htaccess for a WordPress Website"},"content":{"rendered":"

Quickly Force HTTPS Redirection After Installing SSL by Editing the .htaccess File<\/strong><\/h2>\n

An SSL\/TLS certificate is no longer an option\u2026 it\u2019s mandatory to have it\u00a0installed on your WordPress website<\/a>\u00a0to prevent the dreaded \u201cNot Secure\u201d warning.<\/p>\n

<\/p>\n

Suppose you\u2019ve hosted your website on\u00a0managed web-hosting<\/a>. You may likely have never come across redirection issues because it automatically loads your site on HTTPS once the SSL is installed. In other words, site visitors can view your website from HTTP to HTTPS once the SSL is installed.<\/p>\n

For instance: https:\/\/www.domainexample.com\/<\/p>\n

However, sometimes, HTTP to HTTPS is not redirected automatically, maybe because your hosting provider is not supporting it or due to another reason. But, if your website is hosted on an Apache server, you can tweak the .htaccess file for redirecting your WordPress website from an insecure HTTP connection to a secure HTTPS connection.<\/p>\n

Here\u2019s How to Redirect HTTP to HTTPS to Serve Your Site Securely<\/strong><\/h2>\n

The code below forces any given HTTP request to be rewritten and changed to a secure HTTPS connection. For instance, the code below will force http:\/\/domainexample.com to load securely on an HTTPS connection as https:\/\/domainexample.com.
\n
\nRewriteEngine On
\nRewriteCond %{HTTPS} !=on
\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
\nHeader always set Content-Security-Policy \"upgrade-insecure-requests;\"
\n<\/code>
\nLikewise, the code mentioned above will also force directly linked resources such as CSS, images, etc., to use HTTPS. However, if the above code isn\u2019t working, then you\u2019ll need to verify line endings. For instance, copy\/paste from web browser to text editor may fail to pass correctly. So, once you copy and paste the above code into your text editor, you should verify and delete each line break.<\/p>\n

Forcing HTTPS Connection by Editing .htaccess File of Your WordPress Site<\/strong><\/h2>\n

Although you\u2019ve installed an SSL\/TLS certificate into your WordPress website, user can sometimes end up landing on the HTTP-based website if you haven\u2019t done the redirection. So, you\u2019re required to force an HTTP request to be redirected to HTTPS.<\/p>\n

There are two different types of code options that you can use. For instance, if the first one doesn\u2019t work, you can go for the second option.<\/p>\n

Option 1:<\/strong><\/h3>\n


\nRewriteEngine On
\nRewriteCond %{HTTPS} !=on
\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
\nHeader always set Content-Security-Policy \"upgrade-insecure-requests;\"
\n<\/code><\/p>\n

Example That Includes Default WordPress Code<\/h3>\n

Below is the .htaccess file code along with the new code that forces a HTTPS connection:
\n
\nRewriteEngine On
\nRewriteCond %{HTTPS} !=on
\nRewriteRule ^(.*)$ https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
\nHeader always set Content-Security-Policy \"upgrade-insecure-requests;\"
\n# BEGIN WordPress
\n# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
\n# dynamically generated, and should only be modified via WordPress filters.
\n# Any changes to the directives between these markers will be overwritten.
\n<IfModule mod_rewrite.c>
\nRewriteEngine On
\nRewriteBase \/
\nRewriteRule ^index\\.php$ - [L]
\nRewriteCond %{REQUEST_FILENAME} !-f
\nRewriteCond %{REQUEST_FILENAME} !-d
\nRewriteRule . \/index.php [L]
\n<\/IfModule>
\n# END WordPress
\n<\/code><\/p>\n

Option 2:<\/h3>\n

It\u2019s another option. However, before moving forward, make sure you change exampledomain.com to your actual domain name.<\/p>\n


\nRewriteEngine On
\nRewriteCond %{SERVER_PORT} 80
\nRewriteRule ^(.*)$ https:\/\/www.exampledomain.com\/$1 [R=301,L,NE]
\nHeader always set Content-Security-Policy \"upgrade-insecure-requests;\"
\n<\/code><\/p>\n

Full Example That Includes Default WordPress Code<\/h3>\n

Here\u2019s the code for .htaccess file:<\/p>\n


\nRewriteEngine On
\nRewriteCond %{SERVER_PORT} 80
\nRewriteRule ^(.*)$ https:\/\/www.exampledomain.com\/$1 [R=301,L,NE]
\nHeader always set Content-Security-Policy \"upgrade-insecure-requests;\"<\/code><\/p>\n

# BEGIN WordPress
\n# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
\n# dynamically generated, and should only be modified via WordPress filters.
\n# Any changes to the directives between these markers will be overwritten.
\n<IfModule mod_rewrite.c>
\nRewriteEngine On
\nRewriteBase \/
\nRewriteRule ^index\\.php$ – [L]
\nRewriteCond %{REQUEST_FILENAME} !-f
\nRewriteCond %{REQUEST_FILENAME} !-d
\nRewriteRule . \/index.php [L]
\n<\/IfModule>
\n# END WordPress<\/p>\n

Once you copy and paste the code mentioned above from any of the given options, your website should start redirecting to HTTPS. However, sometimes you may encounter mixed content warnings and there could be different reasons why that would occur.\u00a0So, after forcing an HTTPS connection, if you may face this mixed content error instead of it redirecting to HTTPS, it\u2019s most likely that it\u2019ll be solved and redirected to HTTPS once you\u00a0resolve the mixed content warning<\/a>.<\/p>\n

What\u2019s the .htaccess File?<\/strong><\/h2>\n

The .htaccess File is one type of configuration file that\u2019s used by the Apache server. It\u2019s capable of overriding different settings of server configurations, and it\u2019s often used for cache control, website optimization, URL rewriting, and authorization.<\/p>\n

Here Are the Different Ways to Edit the .htaccess File in Your WordPress Website<\/strong><\/h2>\n

There are three different ways to edit the .htaccess file within WordPress, and they\u2019re as below:<\/p>\n